On-chain sleuth ZachXBT has shared his findings on what he sees as the three most typical misconceptions about the FTX hack — taking to Twitter to right a “ton of misinformation” about the occasion and the potential culprits.
In a prolonged Nov. 20 submit on Twitter, the self-proclaimed “on-chain sleuth” debunked hypothesis that Bahamian officers had been behind the FTX hack, that exchanges knew the hacker’s true id, and that the perpetrator is buying and selling memecoins.
1/ I’ve seen a ton of misinformation being unfold on Twitter and in the information about the FTX occasion so let me debunk the three most typical issues I’ve seen
“Bahamian officials are behind the FTX hack”“Exchanges know who the hacker is”“FTX hacker is trading meme coins” pic.twitter.com/IAtHnpJI44
— ZachXBT (@zachxbt) November 20, 2022
On the identical day that FTX filed for chapter on Nov. 11, the crypto neighborhood started flagging suspicious transactions on wallets related to FTX, with greater than $650 million transferred off the pockets.
While there was no official perpetrator has been recognized, a Nov. 17 assertion from the Securities Commission of the Bahamas (SCB) that said it had ordered the switch of all digital belongings of FTX to a digital pockets owned by the fee round that point prompted some to consider the SCB was behind the supposed “hack.”
However, ZachXBT argued that the “0x59” pockets deal with related to the hacker was a blackhat deal with and never affiliated with both the FTX staff or the SCB as a result of it “began selling tokens for ETH, DAI, and BNB and using a variety of bridges so crypto couldn’t be frozen on 11/12.”
“The fact 0x59 was dumping tokens and bridging sporadically was very different behavior from the other addresses who withdrew from FTX and instead sent to a multisig on chains like Eth or Tron,” he added.
Zach also notes that the blackhat wallet also had contact with another wallet, 0x24, which he suggests “has very [suspicious] habits on-chain utilizing sketchy providers.”
“This habits utterly differs what was stated about the Debtors transferring belongings to chilly storage or Bahamian authorities transferring belongings to Fireblocks.”
ZachXBT says his final clue was the wallet address selling Ether (ETH) for renBTC and then using RenBridge, which he says will most likely end with the funds being sent to “a mixer in some unspecified time in the future in the future.”
Blockchain analytics firm Chainalysis came to a similar conclusion in a Nov. 20 post, noting that:
“Reports that the funds stolen from FTX had been truly despatched to the Securities Commission of The Bahamas are incorrect. Some funds had been stolen, and different funds had been despatched to the regulators.”
FTX has also commented on the recent fund movements, posting a warning to exchanges “that sure funds transferred from FTX Global and associated debtors with out authorization on 11/11/22 are being transferred to them via intermediate wallets.”
(2/2) Exchanges ought to take all measures to safe these funds to be returned to the chapter property.
— FTX (@FTX_Official) November 20, 2022
ZachXBT additionally highlighted the potential misinformation surrounding the declare the hacker’s id had been found by “Kraken or other exchanges.”
The rumor had been circulating since Kraken’s chief safety officer claimed in a Nov.12 submit that“We know the identity of the user.”
Zach says “In reality” the person recognized as the hacker was doubtless simply the FTX group securing belongings to a multi-signature pockets on Tron, utilizing Kraken on account of the FTX scorching pockets being out of gasoline for transactions., stating:
“The withdrawals to these multisigs also matched what Ryne Miller (FTX GC) had said at the time. This took place hours after the initial 0x59 withdrawals.”
Related: FTX funds on the transfer as thief converts 1000’s of ETH into Bitcoin
As his final level, ZachXBT took goal at the rumor that the FTX hacker is buying and selling memecoins, which was first famous by blockchain analytics agency CertiK.
Instead, the blockchain detective claims the transfers have been “spoofed” on the Ethereum community, citing a March weblog by Etherscan neighborhood member, Harith Kamarul explaining how transactions may be faked.